🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-40198 ‼

Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1064 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge Automation Software: before 1.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1117 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23973 ‼

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1116 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23984 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-46797 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38468 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

📖 Read

via "National Vulnerability Database".
🕴 CISA: ZK Java Framework RCE Flaw Under Active Exploit 🕴

The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.

📖 Read

via "Dark Reading".
‼ CVE-2023-24755 ‼

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-25222 ‼

A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.

📖 Read

via "National Vulnerability Database".
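The bug class behind the LibreDWG entry is a bit-level reader that trusts the current byte/bit position from a crafted file. The following is an added illustration, not LibreDWG's own code: a DWG-style "read one 8-bit value at an arbitrary bit offset" routine in an unchecked and a bounds-checked form, driven by a constructed header whose count field exceeds the data that follows. The BitChain layout, the header format and the function names are assumptions for the demo; in C the unchecked read runs past the heap allocation, while Python raises IndexError for the same missing check.

```python
# Added example (not LibreDWG code): a DWG-style bit reader returning one 8-bit
# "RC" value at an arbitrary bit offset, unchecked and bounds-checked.
# Buffer layout, header format and names are assumptions for this demo.
from dataclasses import dataclass


class BitChainOverflow(Exception):
    """Raised when a read would run past the end of the input buffer."""


@dataclass
class BitChain:
    chain: bytes   # the raw file bytes
    size: int      # number of valid bytes in `chain`
    byte: int = 0  # current byte position
    bit: int = 0   # current bit position within that byte (0..7)


def bit_read_rc_unchecked(dat: BitChain) -> int:
    """Trusts `byte`/`bit` and indexes the buffer blindly.

    Python raises IndexError where C would read past the heap allocation;
    the fault is the same missing check, only the symptom differs.
    """
    result = dat.chain[dat.byte]
    if dat.bit:
        # The 8 bits straddle two bytes: take the tail of this byte and the head of the next.
        result = (result << dat.bit) & 0xFF
        result |= dat.chain[dat.byte + 1] >> (8 - dat.bit)
    dat.byte += 1
    return result


def bit_read_rc(dat: BitChain) -> int:
    """Refuses any read whose last bit lies beyond `size`."""
    # An RC read needs 8 bits starting at (byte, bit); compute the last byte touched.
    last_byte_needed = dat.byte if dat.bit == 0 else dat.byte + 1
    if dat.byte < 0 or last_byte_needed >= dat.size:
        raise BitChainOverflow(
            f"read of 8 bits at byte {dat.byte} bit {dat.bit} exceeds size {dat.size}")
    result = dat.chain[dat.byte]
    if dat.bit:
        result = (result << dat.bit) & 0xFF
        result |= dat.chain[dat.byte + 1] >> (8 - dat.bit)
    dat.byte += 1
    return result


def parse_header(chain: bytes, reader) -> list:
    """Read a constructed 'count' byte, then `count` RC values using `reader`.

    A crafted file sets `count` larger than the remaining data, which is the
    shape of input that drives an unchecked reader past the buffer.
    """
    dat = BitChain(chain=chain, size=len(chain))
    count = reader(dat)
    return [reader(dat) for _ in range(count)]


def try_parse(chain: bytes, reader) -> str:
    """Classify the outcome so the two readers can be compared side by side."""
    try:
        return "ok:" + ",".join(f"{v:02x}" for v in parse_header(chain, reader))
    except BitChainOverflow:
        return "rejected"
    except IndexError:
        return "crash"  # the C equivalent is an out-of-bounds heap read


if __name__ == "__main__":
    crafted = bytes([5, 0xAA, 0xBB])  # constructed: claims 5 values, carries 2
    print("unchecked:", try_parse(crafted, bit_read_rc_unchecked))
    print("checked:  ", try_parse(crafted, bit_read_rc))
```

The check is computed from the last byte the read will touch, not from the current byte, so a read at a non-zero bit offset on the final byte is rejected rather than pulling one byte past the end.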
‼ CVE-2022-46806 ‼

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-25544 ‼

Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients could exploit this vulnerability to launch target-specific attacks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-24756 ‼

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-46798 ‼

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-24757 ‼

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-24758 ‼

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-45608 ‼

An issue was discovered in ThingsBoard 3.4.1 that allows low-privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN or SYS_ADMIN) on the web application. It is important to note that, in order to accomplish this, the attacker must know the corresponding API parameter (authority : value).

📖 Read

via "National Vulnerability Database".
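The ThingsBoard entry describes a mass-assignment escalation: a role-bearing field (authority) is accepted from the request body and bound to the user without checking who is allowed to set it. The block below is an added illustration, not ThingsBoard code: a user-update handler in its bindable-everything form beside one that treats authority as a privileged field. The role names come from the advisory; the user model, payload shape and the rule that nobody may grant a role above their own are assumptions for the demo.

```python
# Added example (not ThingsBoard code): a user-update handler that treats the
# role field as privileged. Role names mirror the advisory; the user model,
# payload shape and the grant rules are assumptions for this demo.
from dataclasses import dataclass, replace

# Ordered least to most privileged.
AUTHORITIES = ("CUSTOMER_USER", "TENANT_ADMIN", "SYS_ADMIN")
RANK = {name: i for i, name in enumerate(AUTHORITIES)}

# Fields any user may change on their own profile.
SELF_EDITABLE = {"firstName", "lastName", "phone"}


class Forbidden(Exception):
    pass


@dataclass(frozen=True)
class User:
    id: int
    authority: str
    firstName: str = ""
    lastName: str = ""
    phone: str = ""


def update_user_vulnerable(actor: User, target: User, payload: dict) -> User:
    """Binds every supplied field, 'authority' included, with no role check.

    This is the mass-assignment shape: knowing the parameter name is enough.
    """
    known = {k: v for k, v in payload.items() if k in User.__dataclass_fields__}
    return replace(target, **known)


def update_user(actor: User, target: User, payload: dict) -> User:
    """Rejects unknown fields and gates 'authority' on the actor's own role."""
    unknown = set(payload) - SELF_EDITABLE - {"authority"}
    if unknown:
        raise Forbidden(f"unexpected fields: {sorted(unknown)}")
    if actor.id != target.id and RANK[actor.authority] < RANK["TENANT_ADMIN"]:
        raise Forbidden("only admins may edit other users")
    if "authority" in payload:
        new_role = payload["authority"]
        if new_role not in RANK:
            raise Forbidden(f"unknown authority {new_role!r}")
        # Nobody may raise their own role, and nobody may grant a role above their own.
        if actor.id == target.id or RANK[new_role] > RANK[actor.authority]:
            raise Forbidden("authority change not permitted for this actor")
    return replace(target, **payload)


def attempt(actor: User, target: User, payload: dict, handler) -> str:
    """Return the resulting authority, or 'forbidden', so handlers can be compared."""
    try:
        return handler(actor, target, payload).authority
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    attacker = User(id=7, authority="CUSTOMER_USER")
    payload = {"firstName": "Eve", "authority": "TENANT_ADMIN"}  # constructed request body
    print("vulnerable:", attempt(attacker, attacker, payload, update_user_vulnerable))
    print("hardened:  ", attempt(attacker, attacker, payload, update_user))
```

The allow-list of self-editable fields is the important part: a denylist of "dangerous" parameters fails the moment a new privileged field is added to the model.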
‼ CVE-2022-47148 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.

📖 Read

via "National Vulnerability Database".
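The CSRF entries on this page (TeraWallet, Contact Us Page, Bubble Menu, Conversios, NextGEN Gallery, Cart All In One, ShopLentor, PDF Invoices) all share one shape: a state-changing handler that only checks the caller's session cookie, which the browser attaches to a cross-site POST as well. The block below is an added illustration and not any of those plugins' code: a settings-update handler without, and then with, an action-bound anti-forgery token (the idea behind a WordPress nonce) plus an Origin check. The request and session objects, the site origin and the server secret are constructed for the demo.

```python
# Added example (not the code of any plugin listed above): a settings-update
# handler in the shape the CSRF advisories describe, first without and then
# with an action-bound token. Request/session objects are constructed here.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SERVER_SECRET = secrets.token_bytes(32)   # assumed per-deployment secret
SITE_ORIGIN = "https://shop.example"      # assumed origin of the site itself


@dataclass
class Session:
    user_id: int
    is_admin: bool


@dataclass
class Request:
    method: str
    origin: Optional[str]         # browser-sent Origin header (None if absent)
    session: Optional[Session]    # resolved from the cookie the browser attached
    form: dict = field(default_factory=dict)


def make_nonce(session: Session, action: str) -> str:
    """Token bound to the session and the action it authorises."""
    msg = f"{session.user_id}:{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def verify_nonce(session: Session, action: str, token: Optional[str]) -> bool:
    return token is not None and hmac.compare_digest(make_nonce(session, action), token)


def update_settings_vulnerable(req: Request, settings: dict) -> str:
    """Checks only that the caller is a logged-in admin.

    Any site can trigger this: the browser sends the victim's cookie with
    the cross-site POST, so the session check passes.
    """
    if req.method != "POST" or not (req.session and req.session.is_admin):
        return "denied"
    settings.update(req.form)
    return "updated"


def update_settings(req: Request, settings: dict) -> str:
    """Same handler with an Origin check and an action-bound token."""
    if req.method != "POST" or not (req.session and req.session.is_admin):
        return "denied"
    # Browsers send Origin on cross-site POSTs; a mismatch is a forgery.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return "denied: cross-site origin"
    form = dict(req.form)
    token = form.pop("_nonce", None)
    # The token is bound to this action, so one leaked for another form does not work.
    if not verify_nonce(req.session, "update_settings", token):
        return "denied: bad token"
    settings.update(form)
    return "updated"


if __name__ == "__main__":
    admin = Session(user_id=1, is_admin=True)
    # Constructed forged request: victim's cookie attached, attacker-chosen body.
    forged = Request("POST", "https://attacker.example", admin,
                     {"webhook_url": "https://attacker.example/collect"})
    print("vulnerable:", update_settings_vulnerable(forged, {}))
    print("hardened:  ", update_settings(forged, {}))
```

The Origin check alone is not enough (older clients and some proxies strip the header), which is why the handler falls through to the token check when Origin is absent rather than accepting the request.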
‼ CVE-2023-0594 ‼

Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS was possible because the values of a span's attributes/resources were not properly sanitized and are rendered when the span's attributes/resources are expanded. An attacker needs the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible: a user with the Editor role can change the password of a user with the Admin role to a known value if the Admin user executes the malicious JavaScript by viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 or 9.3.8 to receive a fix.

📖 Read

via "National Vulnerability Database".
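The Grafana entry (and, with less detail, the two pimcore entries) is stored XSS: attacker-controlled text is saved as data and later written into the page as markup. The block below is an added illustration, not Grafana's or pimcore's code: rendering a span's attributes into an HTML fragment by string interpolation beside the same rendering with output encoding, checked against a constructed span whose attribute value carries an inline event handler.

```python
# Added example (not Grafana or pimcore code): rendering a trace span's
# attributes as HTML, unescaped and escaped. Span data is constructed here.
import re
from html import escape

# Tags the renderer itself emits; anything else in the output came from data.
OWN_TAGS = re.compile(r"<(?!/?(?:table|tr|td)\b)[a-zA-Z]")


def render_attributes_vulnerable(attrs: dict) -> str:
    """Interpolates keys and values straight into markup."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in attrs.items())
    return f"<table>{rows}</table>"


def render_attributes(attrs: dict) -> str:
    """Encodes keys and values at output time; the stored data stays untouched.

    Encoding on output rather than on save is what holds when data reaches
    the page through more than one path (API, import, another panel).
    """
    rows = "".join(
        f"<tr><td>{escape(str(k), quote=True)}</td>"
        f"<td>{escape(str(v), quote=True)}</td></tr>"
        for k, v in attrs.items())
    return f"<table>{rows}</table>"


def leaks_markup(html: str) -> bool:
    """True if any tag other than the renderer's own table markup survives."""
    return OWN_TAGS.search(html) is not None


if __name__ == "__main__":
    # Constructed span attributes; the value is a generic inline-handler payload.
    span = {"http.url": '<img src=x onerror="alert(document.cookie)">', "http.status_code": 200}
    print("vulnerable leaks markup:", leaks_markup(render_attributes_vulnerable(span)))
    print("escaped leaks markup:   ", leaks_markup(render_attributes(span)))
```

Escaping the key as well as the value matters: span attribute names are attacker-controlled in the same way the values are.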
‼ CVE-2023-24567 ‼

Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients could exploit this vulnerability to launch target-specific attacks.

📖 Read

via "National Vulnerability Database".